1{ 2 "$id": "http://redfish.dmtf.org/schemas/v1/ExternalAccountProvider.v1_7_2.json", 3 "$ref": "#/definitions/ExternalAccountProvider", 4 "$schema": "http://redfish.dmtf.org/schemas/v1/redfish-schema-v1.json", 5 "copyright": "Copyright 2014-2024 DMTF. For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright", 6 "definitions": { 7 "AccountProviderTypes": { 8 "enum": [ 9 "RedfishService", 10 "ActiveDirectoryService", 11 "LDAPService", 12 "OEM", 13 "TACACSplus", 14 "OAuth2" 15 ], 16 "enumDescriptions": { 17 "ActiveDirectoryService": "An external Active Directory service.", 18 "LDAPService": "A generic external LDAP service.", 19 "OAuth2": "An external OAuth 2.0 service.", 20 "OEM": "An OEM-specific external authentication or directory service.", 21 "RedfishService": "An external Redfish service.", 22 "TACACSplus": "An external TACACS+ service." 23 }, 24 "enumLongDescriptions": { 25 "ActiveDirectoryService": "The external account provider shall be a Microsoft Active Directory Technical Specification-conformant service. The `ServiceAddresses` property shall contain fully qualified domain names (FQDN) or NetBIOS names that link to the domain servers for the Active Directory service.", 26 "LDAPService": "The external account provider shall be an RFC4511-conformant service. The `ServiceAddresses` property shall contain RFC3986-defined URIs in the format `scheme://host:port`, where `scheme://` and `:port` are optional, that link to the LDAP servers for the service. If the scheme is not specified, services shall assume it is `ldaps://`. If the port is not specified, services shall assume it is `636`. For example, `ldaps://contoso.com:636` or `contoso.com`.", 27 "OAuth2": "The external account provider shall be an RFC6749-conformant service. The `ServiceAddresses` property shall contain RFC3986-defined URIs that correspond to the RFC8414-defined metadata for the OAuth 2.0 service. For example, `https://contoso.org/.well-known/oauth-authorization-server`.", 28 "RedfishService": "The external account provider shall be a DMTF Redfish Specification-conformant service. The `ServiceAddresses` property shall contain URIs to `AccountService` resources that correspond to Redfish services. For example, `https://192.168.1.50/redfish/v1/AccountService`.", 29 "TACACSplus": "The external account provider shall be an RFC8907-conformant service. The `ServiceAddresses` property shall contain RFC3986-defined URIs in the format `host:port` that correspond to the TACACS+ services." 30 }, 31 "enumVersionAdded": { 32 "OAuth2": "v1_3_0", 33 "TACACSplus": "v1_3_0" 34 }, 35 "type": "string" 36 }, 37 "Actions": { 38 "additionalProperties": false, 39 "description": "The available actions for this resource.", 40 "longDescription": "This type shall contain the available actions for this resource.", 41 "patternProperties": { 42 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 43 "description": "This property shall specify a valid odata or Redfish property.", 44 "type": [ 45 "array", 46 "boolean", 47 "integer", 48 "number", 49 "null", 50 "object", 51 "string" 52 ] 53 } 54 }, 55 "properties": { 56 "Oem": { 57 "$ref": "#/definitions/OemActions", 58 "description": "The available OEM-specific actions for this resource.", 59 "longDescription": "This property shall contain the available OEM-specific actions for this resource." 60 } 61 }, 62 "type": "object" 63 }, 64 "Authentication": { 65 "additionalProperties": false, 66 "description": "The information required to authenticate to the external service.", 67 "longDescription": "This type shall contain the information required to authenticate to the external service.", 68 "patternProperties": { 69 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 70 "description": "This property shall specify a valid odata or Redfish property.", 71 "type": [ 72 "array", 73 "boolean", 74 "integer", 75 "number", 76 "null", 77 "object", 78 "string" 79 ] 80 } 81 }, 82 "properties": { 83 "AuthenticationType": { 84 "anyOf": [ 85 { 86 "$ref": "#/definitions/AuthenticationTypes" 87 }, 88 { 89 "type": "null" 90 } 91 ], 92 "description": "The type of authentication used to connect to the external account provider.", 93 "longDescription": "This property shall contain the type of authentication used to connect to the external account provider.", 94 "readonly": false 95 }, 96 "EncryptionKey": { 97 "description": "Specifies the encryption key.", 98 "longDescription": "This property shall contain the value of a symmetric encryption key for account services that support some form of encryption, obfuscation, or authentication such as TACACS+. The value shall be `null` in responses. The property shall accept a hexadecimal string whose length depends on the external account service, such as TACACS+. A TACACS+ service shall use this property to specify the secret key as defined in RFC8907.", 99 "pattern": "^[0-9a-fA-F]+$", 100 "readonly": false, 101 "type": [ 102 "string", 103 "null" 104 ], 105 "versionAdded": "v1_2_0", 106 "writeOnly": true 107 }, 108 "EncryptionKeySet": { 109 "description": "Indicates if the `EncryptionKey` property is set.", 110 "longDescription": "This property shall contain `true` if a valid value was provided for the `EncryptionKey` property. Otherwise, the property shall contain `false`. For a TACACS+ service, the value `false` shall indicate data obfuscation, as defined in section 4.5 of RFC8907, is disabled.", 111 "readonly": true, 112 "type": [ 113 "boolean", 114 "null" 115 ], 116 "versionAdded": "v1_2_0" 117 }, 118 "KerberosKeytab": { 119 "description": "The Base64-encoded version of the Kerberos keytab for this service. A `PATCH` or `PUT` operation writes the keytab. This property is `null` in responses.", 120 "longDescription": "This property shall contain a Base64-encoded version of the Kerberos keytab for this service. A `PATCH` or `PUT` operation writes the keytab. The value shall be `null` in responses.", 121 "readonly": false, 122 "type": [ 123 "string", 124 "null" 125 ], 126 "writeOnly": true 127 }, 128 "Oem": { 129 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 130 "description": "The OEM extension property.", 131 "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements." 132 }, 133 "Password": { 134 "description": "The password for this service. A `PATCH` or `PUT` request writes the password. This property is `null` in responses.", 135 "longDescription": "This property shall contain the password for this service. A `PATCH` or `PUT` operation writes the password. The value shall be `null` in responses.", 136 "readonly": false, 137 "type": [ 138 "string", 139 "null" 140 ], 141 "writeOnly": true 142 }, 143 "Token": { 144 "description": "The token for this service. A `PATCH` or `PUT` operation writes the token. This property is `null` in responses.", 145 "longDescription": "This property shall contain the token for this service. A `PATCH` or `PUT` operation writes the token. The value shall be `null` in responses.", 146 "readonly": false, 147 "type": [ 148 "string", 149 "null" 150 ], 151 "writeOnly": true 152 }, 153 "Username": { 154 "description": "The username for the service.", 155 "longDescription": "This property shall contain the username for this service.", 156 "readonly": false, 157 "type": "string" 158 } 159 }, 160 "type": "object" 161 }, 162 "AuthenticationTypes": { 163 "enum": [ 164 "Token", 165 "KerberosKeytab", 166 "UsernameAndPassword", 167 "OEM" 168 ], 169 "enumDescriptions": { 170 "KerberosKeytab": "A Kerberos keytab.", 171 "OEM": "An OEM-specific authentication mechanism.", 172 "Token": "An opaque authentication token.", 173 "UsernameAndPassword": "A username and password combination." 174 }, 175 "type": "string" 176 }, 177 "ExternalAccountProvider": { 178 "additionalProperties": false, 179 "description": "The `ExternalAccountProvider` schema represents a remote service that provides accounts for this manager to use for authentication.", 180 "longDescription": "This resource shall represent a remote authentication service in the Redfish Specification.", 181 "patternProperties": { 182 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 183 "description": "This property shall specify a valid odata or Redfish property.", 184 "type": [ 185 "array", 186 "boolean", 187 "integer", 188 "number", 189 "null", 190 "object", 191 "string" 192 ] 193 } 194 }, 195 "properties": { 196 "@odata.context": { 197 "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/context" 198 }, 199 "@odata.etag": { 200 "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/etag" 201 }, 202 "@odata.id": { 203 "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/id" 204 }, 205 "@odata.type": { 206 "$ref": "http://redfish.dmtf.org/schemas/v1/odata-v4.json#/definitions/type" 207 }, 208 "AccountProviderType": { 209 "anyOf": [ 210 { 211 "$ref": "#/definitions/AccountProviderTypes" 212 }, 213 { 214 "type": "null" 215 } 216 ], 217 "description": "The type of external account provider to which this service connects.", 218 "longDescription": "This property shall contain the type of external account provider to which this service connects.", 219 "readonly": true 220 }, 221 "Actions": { 222 "$ref": "#/definitions/Actions", 223 "description": "The available actions for this resource.", 224 "longDescription": "This property shall contain the available actions for this resource." 225 }, 226 "Authentication": { 227 "$ref": "#/definitions/Authentication", 228 "description": "The authentication information for the external account provider.", 229 "longDescription": "This property shall contain the authentication information for the external account provider." 230 }, 231 "Certificates": { 232 "$ref": "http://redfish.dmtf.org/schemas/v1/CertificateCollection.json#/definitions/CertificateCollection", 233 "description": "The link to a collection of certificates that the external account provider uses.", 234 "longDescription": "This property shall contain a link to a resource collection of type `CertificateCollection` that contains certificates the external account provider uses.", 235 "readonly": true, 236 "versionAdded": "v1_1_0" 237 }, 238 "Description": { 239 "anyOf": [ 240 { 241 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Description" 242 }, 243 { 244 "type": "null" 245 } 246 ], 247 "readonly": true 248 }, 249 "Id": { 250 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Id", 251 "readonly": true 252 }, 253 "LDAPService": { 254 "$ref": "#/definitions/LDAPService", 255 "description": "The additional mapping information needed to parse a generic LDAP service.", 256 "longDescription": "This property shall contain any additional mapping information needed to parse a generic LDAP service. This property should only be present if `AccountProviderType` is `LDAPService`." 257 }, 258 "Links": { 259 "$ref": "#/definitions/Links", 260 "description": "The links to other resources that are related to this resource.", 261 "longDescription": "This property shall contain links to resources that are related to but are not contained by, or subordinate to, this resource." 262 }, 263 "Name": { 264 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Name", 265 "readonly": true 266 }, 267 "OAuth2Service": { 268 "anyOf": [ 269 { 270 "$ref": "#/definitions/OAuth2Service" 271 }, 272 { 273 "type": "null" 274 } 275 ], 276 "description": "The additional information needed to parse an OAuth 2.0 service.", 277 "longDescription": "This property shall contain additional information needed to parse an OAuth 2.0 service. This property should only be present inside an `OAuth2` property.", 278 "versionAdded": "v1_3_0" 279 }, 280 "Oem": { 281 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 282 "description": "The OEM extension property.", 283 "longDescription": "This property shall contain the OEM extensions. All values for properties that this object contains shall conform to the Redfish Specification-described requirements." 284 }, 285 "Priority": { 286 "description": "The authentication priority for the external account provider.", 287 "longDescription": "This property shall contain the assigned priority for the specified external account provider. The value `0` shall indicate the highest priority. Increasing values shall represent decreasing priority. If an external provider does not have a priority assignment or two or more external providers have the same priority, the behavior shall be determined by the Redfish service. The priority is used to determine the order of authentication and authorization for each external account provider.", 288 "minimum": 0, 289 "readonly": false, 290 "type": [ 291 "integer", 292 "null" 293 ], 294 "versionAdded": "v1_2_0" 295 }, 296 "RemoteRoleMapping": { 297 "description": "The mapping rules to convert the external account providers account information to the local Redfish role.", 298 "items": { 299 "anyOf": [ 300 { 301 "$ref": "#/definitions/RoleMapping" 302 }, 303 { 304 "type": "null" 305 } 306 ] 307 }, 308 "longDescription": "This property shall contain a set of the mapping rules that are used to convert the external account providers account information to the local Redfish role.", 309 "type": "array" 310 }, 311 "Retries": { 312 "description": "The number of times to retry connecting to an address in the `ServiceAddresses` property before attempting the next address in the array.", 313 "longDescription": "This property shall contain the number of retries to attempt a connection to an address in the `ServiceAddresses` property before attempting a connection to the next address in the array or giving up. If this property is not present, the service has internal policies for handling retries.", 314 "readonly": false, 315 "type": [ 316 "integer", 317 "null" 318 ], 319 "versionAdded": "v1_6_0" 320 }, 321 "ServiceAddresses": { 322 "description": "The addresses of the user account providers to which this external account provider links. The format of this field depends on the type of external account provider.", 323 "items": { 324 "type": [ 325 "string", 326 "null" 327 ] 328 }, 329 "longDescription": "This property shall contain the addresses of the account providers to which this external account provider links. The format of this field depends on the type of external account provider. Each item in the array shall contain a single address. Services can define their own behavior for managing multiple addresses.", 330 "readonly": false, 331 "type": "array" 332 }, 333 "ServiceEnabled": { 334 "description": "An indication of whether this service is enabled.", 335 "longDescription": "This property shall indicate whether this service is enabled.", 336 "readonly": false, 337 "type": [ 338 "boolean", 339 "null" 340 ] 341 }, 342 "TACACSplusService": { 343 "anyOf": [ 344 { 345 "$ref": "#/definitions/TACACSplusService" 346 }, 347 { 348 "type": "null" 349 } 350 ], 351 "description": "The additional information needed to parse a TACACS+ services.", 352 "longDescription": "This property shall contain additional information needed to parse a TACACS+ services. This property should only be present inside a `TACACSplus` property.", 353 "versionAdded": "v1_2_0" 354 }, 355 "TimeoutSeconds": { 356 "description": "The period of time, in seconds, this account service will wait for a response from an address of a user account provider before timing out.", 357 "longDescription": "This property shall contain the period of time, in seconds, this account service will wait for a response from an address of a user account provider before timing out. If this property is not present, the service has internal policies for handling timeouts.", 358 "readonly": false, 359 "type": [ 360 "integer", 361 "null" 362 ], 363 "versionAdded": "v1_6_0" 364 } 365 }, 366 "required": [ 367 "@odata.id", 368 "@odata.type", 369 "Id", 370 "Name" 371 ], 372 "requiredOnCreate": [ 373 "AccountProviderType" 374 ], 375 "type": "object" 376 }, 377 "LDAPSearchSettings": { 378 "additionalProperties": false, 379 "description": "The settings to search a generic LDAP service.", 380 "longDescription": "This type shall contain all required settings to search a generic LDAP service.", 381 "patternProperties": { 382 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 383 "description": "This property shall specify a valid odata or Redfish property.", 384 "type": [ 385 "array", 386 "boolean", 387 "integer", 388 "number", 389 "null", 390 "object", 391 "string" 392 ] 393 } 394 }, 395 "properties": { 396 "BaseDistinguishedNames": { 397 "description": "The base distinguished names to use to search an external LDAP service.", 398 "items": { 399 "type": [ 400 "string", 401 "null" 402 ] 403 }, 404 "longDescription": "This property shall contain an array of base distinguished names to use to search an external LDAP service.", 405 "readonly": false, 406 "type": "array" 407 }, 408 "EmailAttribute": { 409 "description": "The attribute name that contains the LDAP user's email address.", 410 "longDescription": "This property shall contain the attribute name that contains the LDAP user's email address. If this value is not set by the user, or the property is not present, the value shall be `mail`.", 411 "readonly": false, 412 "type": [ 413 "string", 414 "null" 415 ], 416 "versionAdded": "v1_7_0" 417 }, 418 "GroupNameAttribute": { 419 "description": "The attribute name that contains the LDAP group name entry.", 420 "longDescription": "This property shall contain the attribute name that contains the LDAP group name.", 421 "readonly": false, 422 "type": [ 423 "string", 424 "null" 425 ] 426 }, 427 "GroupsAttribute": { 428 "description": "The attribute name that contains the groups for a user on the LDAP user entry.", 429 "longDescription": "This property shall contain the attribute name that contains the groups for an LDAP user entry.", 430 "readonly": false, 431 "type": [ 432 "string", 433 "null" 434 ] 435 }, 436 "SSHKeyAttribute": { 437 "description": "The attribute name that contains the LDAP user's SSH public key entry.", 438 "longDescription": "This property shall contain the attribute name that contains the LDAP user's SSH public key.", 439 "readonly": false, 440 "type": [ 441 "string", 442 "null" 443 ], 444 "versionAdded": "v1_4_0" 445 }, 446 "UsernameAttribute": { 447 "description": "The attribute name that contains the LDAP username entry.", 448 "longDescription": "This property shall contain the attribute name that contains the LDAP username.", 449 "readonly": false, 450 "type": [ 451 "string", 452 "null" 453 ] 454 } 455 }, 456 "type": "object" 457 }, 458 "LDAPService": { 459 "additionalProperties": false, 460 "description": "The settings required to parse a generic LDAP service.", 461 "longDescription": "This type shall contain all required settings to parse a generic LDAP service.", 462 "patternProperties": { 463 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 464 "description": "This property shall specify a valid odata or Redfish property.", 465 "type": [ 466 "array", 467 "boolean", 468 "integer", 469 "number", 470 "null", 471 "object", 472 "string" 473 ] 474 } 475 }, 476 "properties": { 477 "Oem": { 478 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 479 "description": "The OEM extension property.", 480 "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements." 481 }, 482 "SearchSettings": { 483 "$ref": "#/definitions/LDAPSearchSettings", 484 "description": "The required settings to search an external LDAP service.", 485 "longDescription": "This property shall contain the required settings to search an external LDAP service." 486 } 487 }, 488 "type": "object" 489 }, 490 "Links": { 491 "additionalProperties": false, 492 "description": "The links to other resources that are related to this resource.", 493 "longDescription": "This Redfish Specification-described type shall contain links to resources that are related to but are not contained by, or subordinate to, this resource.", 494 "patternProperties": { 495 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 496 "description": "This property shall specify a valid odata or Redfish property.", 497 "type": [ 498 "array", 499 "boolean", 500 "integer", 501 "number", 502 "null", 503 "object", 504 "string" 505 ] 506 } 507 }, 508 "properties": { 509 "Oem": { 510 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 511 "description": "The OEM extension property.", 512 "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements." 513 } 514 }, 515 "type": "object" 516 }, 517 "OAuth2Mode": { 518 "enum": [ 519 "Discovery", 520 "Offline" 521 ], 522 "enumDescriptions": { 523 "Discovery": "OAuth 2.0 service information for token validation is downloaded by the service.", 524 "Offline": "OAuth 2.0 service information for token validation is configured by a client. Clients should configure the `Issuer` and `OAuthServiceSigningKeys` properties for this mode." 525 }, 526 "enumLongDescriptions": { 527 "Discovery": "This value shall indicate the service performs token validation from information found at the URIs specified by the `ServiceAddresses` property. Services shall implement a caching method of this information so it's not necessary to retrieve metadata and key information for every request containing a token.", 528 "Offline": "This value shall indicate the service performs token validation from properties configured by a client. Clients should configure the `Issuer` and `OAuthServiceSigningKeys` properties for this mode." 529 }, 530 "type": "string" 531 }, 532 "OAuth2Service": { 533 "additionalProperties": false, 534 "description": "Various settings to parse an OAuth 2.0 service.", 535 "longDescription": "This type shall contain settings for parsing an OAuth 2.0 service.", 536 "patternProperties": { 537 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 538 "description": "This property shall specify a valid odata or Redfish property.", 539 "type": [ 540 "array", 541 "boolean", 542 "integer", 543 "number", 544 "null", 545 "object", 546 "string" 547 ] 548 } 549 }, 550 "properties": { 551 "Audience": { 552 "description": "The allowable audience strings of the Redfish service.", 553 "items": { 554 "type": "string" 555 }, 556 "longDescription": "This property shall contain an array of allowable RFC7519-defined audience strings of the Redfish service. The values shall uniquely identify the Redfish service. For example, a MAC address or UUID for the manager can uniquely identify the service.", 557 "readonly": true, 558 "type": "array", 559 "versionAdded": "v1_3_0" 560 }, 561 "Issuer": { 562 "description": "The issuer string of the OAuth 2.0 service. Clients should configure this property if `Mode` contains `Offline`.", 563 "longDescription": "This property shall contain the RFC8414-defined issuer string of the OAuth 2.0 service. If the `Mode` property contains the value `Discovery`, this property shall contain the value of the `issuer` string from the OAuth 2.0 service's metadata and this property shall be read-only. Clients should configure this property if `Mode` contains `Offline`.", 564 "readonly": false, 565 "type": [ 566 "string", 567 "null" 568 ], 569 "versionAdded": "v1_3_0" 570 }, 571 "Mode": { 572 "$ref": "#/definitions/OAuth2Mode", 573 "description": "The mode of operation for token validation.", 574 "longDescription": "This property shall contain the mode of operation for token validation.", 575 "readonly": false, 576 "versionAdded": "v1_3_0" 577 }, 578 "OAuthServiceSigningKeys": { 579 "description": "The Base64-encoded signing keys of the issuer of the OAuth 2.0 service. Clients should configure this property if `Mode` contains `Offline`.", 580 "longDescription": "This property shall contain a Base64-encoded string of the RFC7517-defined signing keys of the issuer of the OAuth 2.0 service. Services shall verify the token provided in the `Authorization` header of the request with the value of this property. If the `Mode` property contains the value `Discovery`, this property shall contain the keys found at the URI specified by the `jwks_uri` string from the OAuth 2.0 service's metadata and this property shall be read-only. Clients should configure this property if `Mode` contains `Offline`.", 581 "readonly": false, 582 "type": [ 583 "string", 584 "null" 585 ], 586 "versionAdded": "v1_3_0" 587 }, 588 "Oem": { 589 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 590 "description": "The OEM extension property.", 591 "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements.", 592 "versionAdded": "v1_6_0" 593 } 594 }, 595 "type": "object" 596 }, 597 "OemActions": { 598 "additionalProperties": true, 599 "description": "The available OEM-specific actions for this resource.", 600 "longDescription": "This type shall contain the available OEM-specific actions for this resource.", 601 "patternProperties": { 602 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 603 "description": "This property shall specify a valid odata or Redfish property.", 604 "type": [ 605 "array", 606 "boolean", 607 "integer", 608 "number", 609 "null", 610 "object", 611 "string" 612 ] 613 } 614 }, 615 "properties": {}, 616 "type": "object" 617 }, 618 "RoleMapping": { 619 "additionalProperties": false, 620 "description": "The mapping rules that are used to convert the external account providers account information to the local Redfish role.", 621 "longDescription": "This type shall contain mapping rules that are used to convert the external account providers account information to the local Redfish role.", 622 "patternProperties": { 623 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 624 "description": "This property shall specify a valid odata or Redfish property.", 625 "type": [ 626 "array", 627 "boolean", 628 "integer", 629 "number", 630 "null", 631 "object", 632 "string" 633 ] 634 } 635 }, 636 "properties": { 637 "LocalRole": { 638 "description": "The name of the local Redfish role to which to map the remote user or group.", 639 "longDescription": "This property shall contain the `RoleId` property value within a role resource on this Redfish service to which to map the remote user or group.", 640 "readonly": false, 641 "type": [ 642 "string", 643 "null" 644 ] 645 }, 646 "MFABypass": { 647 "anyOf": [ 648 { 649 "$ref": "http://redfish.dmtf.org/schemas/v1/AccountService.json#/definitions/MFABypass" 650 }, 651 { 652 "type": "null" 653 } 654 ], 655 "description": "The multi-factor authentication bypass settings.", 656 "longDescription": "This property shall contain the multi-factor authentication bypass settings.", 657 "versionAdded": "v1_5_0" 658 }, 659 "Oem": { 660 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 661 "description": "The OEM extension property.", 662 "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements." 663 }, 664 "RemoteGroup": { 665 "description": "The name of the remote group, or the remote role in the case of a Redfish service, that maps to the local Redfish role to which this entity links.", 666 "longDescription": "This property shall contain the name of the remote group, or the remote role in the case of a Redfish service, that maps to the local Redfish role to which this entity links.", 667 "readonly": false, 668 "type": [ 669 "string", 670 "null" 671 ] 672 }, 673 "RemoteUser": { 674 "description": "The name of the remote user that maps to the local Redfish role to which this entity links.", 675 "longDescription": "This property shall contain the name of the remote user that maps to the local Redfish role to which this entity links.", 676 "readonly": false, 677 "type": [ 678 "string", 679 "null" 680 ] 681 } 682 }, 683 "type": "object" 684 }, 685 "TACACSplusPasswordExchangeProtocol": { 686 "enum": [ 687 "ASCII", 688 "PAP", 689 "CHAP", 690 "MSCHAPv1", 691 "MSCHAPv2" 692 ], 693 "enumDescriptions": { 694 "ASCII": "The ASCII Login method.", 695 "CHAP": "The CHAP Login method.", 696 "MSCHAPv1": "The MS-CHAP v1 Login method.", 697 "MSCHAPv2": "The MS-CHAP v2 Login method.", 698 "PAP": "The PAP Login method." 699 }, 700 "enumLongDescriptions": { 701 "ASCII": "This value shall indicate the ASCII Login flow as described under section 5.4.2 of RFC8907.", 702 "CHAP": "This value shall indicate the CHAP Login flow as described under section 5.4.2 of RFC8907.", 703 "MSCHAPv1": "This value shall indicate the MS-CHAP v1 Login flow as described under section 5.4.2 of RFC8907.", 704 "MSCHAPv2": "This value shall indicate the MS-CHAP v2 Login flow as described under section 5.4.2 of RFC8907.", 705 "PAP": "This value shall indicate the PAP Login flow as described under section 5.4.2 of RFC8907." 706 }, 707 "type": "string" 708 }, 709 "TACACSplusService": { 710 "additionalProperties": false, 711 "description": "Various settings to parse a TACACS+ service.", 712 "longDescription": "This type shall contain settings for parsing a TACACS+ service.", 713 "patternProperties": { 714 "^([a-zA-Z_][a-zA-Z0-9_]*)?@(odata|Redfish|Message)\\.[a-zA-Z_][a-zA-Z0-9_]*$": { 715 "description": "This property shall specify a valid odata or Redfish property.", 716 "type": [ 717 "array", 718 "boolean", 719 "integer", 720 "number", 721 "null", 722 "object", 723 "string" 724 ] 725 } 726 }, 727 "properties": { 728 "AuthorizationService": { 729 "description": "The TACACS+ service authorization argument.", 730 "longDescription": "This property shall contain the TACACS+ service authorization argument as defined by section 8.2 of RFC8907. If this property is not present, the service defines the value to provide to the TACACS+ server.", 731 "readonly": false, 732 "type": "string", 733 "versionAdded": "v1_6_0" 734 }, 735 "Oem": { 736 "$ref": "http://redfish.dmtf.org/schemas/v1/Resource.json#/definitions/Oem", 737 "description": "The OEM extension property.", 738 "longDescription": "This property shall contain the OEM extensions. All values for properties contained in this object shall conform to the Redfish Specification-described requirements.", 739 "versionAdded": "v1_6_0" 740 }, 741 "PasswordExchangeProtocols": { 742 "description": "Indicates the allowed TACACS+ password exchange protocols.", 743 "items": { 744 "anyOf": [ 745 { 746 "$ref": "#/definitions/TACACSplusPasswordExchangeProtocol" 747 }, 748 { 749 "type": "null" 750 } 751 ] 752 }, 753 "longDescription": "This property shall indicate all the allowed TACACS+ password exchange protocol described under section 5.4.2 of RFC8907.", 754 "readonly": false, 755 "type": "array", 756 "versionAdded": "v1_2_0" 757 }, 758 "PrivilegeLevelArgument": { 759 "description": "Indicates the name of the TACACS+ argument name in an authorization request.", 760 "longDescription": "This property shall specify the name of the argument in a TACACS+ Authorization REPLY packet body, as defined in RFC8907, that contains the user's privilege level.", 761 "readonly": false, 762 "type": [ 763 "string", 764 "null" 765 ], 766 "versionAdded": "v1_2_0" 767 } 768 }, 769 "type": "object" 770 } 771 }, 772 "language": "en", 773 "owningEntity": "DMTF", 774 "release": "2023.2", 775 "title": "#ExternalAccountProvider.v1_7_2.ExternalAccountProvider" 776}